Deprecated
You are looking to the old version of the API (version 1.0) Commanders Act will end support and maintenance for HTTP tracking API source 1.0 on August 31, 2023. This API will be fully deprecated on December 2023. After this date, the current format will no longer be supported and any requests using it may generates error.
We encourage you to begin using the new payload format as soon as possible to ensure a smooth transition. The new format is described here. Please refer to our documentation for more information on how to use the new format.
What changed in the payload format from the 1.0 to the 2.0 version :
All event data were inside the properties object. They are now at the root. The properties object doesn't exist any more.
All contextual meta-data were at the root, they are now inside a new context object. For example these meta-data obects event_id, device, page, app, event_timestamp are now in the context object.
The HTTP Tracking API 1.0 lets you record data from any website or application. Requests are routed to our servers, and your data is routed to any destination you desire.
Authenticate to the Tracking API by sending your project’s Source Key along with a request in the headers like so: Authorization: Bearer NJtcKaoCYu...mGZDxRgMBMUw==
The source key is provided to you when you create a source in the source catalogue
To send data to our HTTP API, a content-type header must be set to 'application/json'.
We presently return a 200 response for all API requests, thus debugging should be done using the platform interface or our config API (event inspector or event delivery API). The sole exception is that if the request is too large or the JSON is invalid, it will return a 400.
There is a maximum of 32KB per API request.
There is no real rate limit above which the system will discard your data. But if you need to import at a rate faster than 500 requests per second, please contact us beforehand.
You may use the event API to capture the actions that your users perform. Every action results in what is known as an "event," which have associated properties.
You should keep track of activities that are indications of your app's performance, such as Signed Up, Item Purchased, and Article Bookmarked. To begin, we recommend tracking only a few key events. More may easily be added later!
Example event call: ()
Find details on best practices in event naming as well as the event method payload in our Spec.
If you want to use Http tracking API from you mobile APP instead of SDK, look at the Mobile event specificity
Timestamps supported are in milliseconds (ms).
version 2.0
The HTTP Tracking API is used to track events from any website, application or server. The data is collected by our servers, and then processed and routed to any configured destination. It is often used for server-to-server use case.
To manage users, check instead the dedicated User API, and for products, the Product API.
The API's collect endpoint is available at the following URL:
HTTP method: POST
tc_s (required): site id
token (required): source key
The source key is displayed in the settings of any source.
The endpoint requires a Content-Type header set to application/json:
The properties of the event must be provided in the request body in JSON format.
Find details on best practices in event naming as well as the event method payload in our specifications.
The format of the payload evolved on Nov. 2022. The old format will still be supported during one year. More information here.
Timestamps must be in milliseconds (ms).
consistent_anonymous_id corresponds to a unique identifier for a user, used on the CAX platform to identify a user. It is the equivalent of CAID cookie on a Web source.
The endpoint returns a 200 HTTP response to all API requests. Thus, debugging should be done using the platform interface or our config API (event inspector or event delivery API).
As an exception, a 400 HTTP code is returned in case the request is too large or the payload JSON is invalid.
There is a maximum of 32KB per API request.
The batch API endpoint accepts a maximum of 500KB per request, with a limit of 32KB per event in the batch.
There is no real rate limit above which the system will discard your data. But if you need to import at a rate faster than 500 requests per second, please contact us beforehand.
Example of an API request:
Download OpenAPI specification:
Our API operates over HTTPS, a standard for secure communication on the internet. This protocol ensures that data is encrypted and transmitted securely.
In conjunction with HTTPS, we employ an API token-based authentication system. Each created source is assigned a unique token that remains consistent across all API requests for this specific source. This design offers both security and convenience, allowing clients to manage multiple sources each with their own dedicated token. The ability for clients to create, manage, and deactivate sources at will via our interface adds an additional layer of control, ensuring that tokens can be invalidated as necessary for security or operational reasons. Our security approach is tailored to the diverse needs of our clients. We focus on providing a secure, efficient, and user-friendly experience. Our choice of HTTPS and token-based authentication aligns with our commitment to delivering robust security while ensuring ease of integration and operational flexibility for our clients. This approach is chosen over more complex systems like Mutual TLS (mTLS), OpenID Connect (OIDC), or IP filtering.
Currently the batch endpoint is not publicly open, please contact us if you want to be part of the closed beta.
The batch method lets you send a series of event requests in a single batch, saving on outbound requests.
There is a maximum of 500KB per batch request and 32KB per call.
The BATCH API's collect endpoint is available at the following URL:
Example of an API request: